How are NAT services not interrupted when external interfaces on the AR router used as the NAT server dynamically obtain IP addresses

28

When the AR router functions as the NAT server and the external interface changes continuously, the dialer interface needs to be configured to ensure nonstop NAT services.

Other related questions:
When AR router as a Nat Server and network interface IP address dynamically, how to ensure the continuous NAT?
When AR router as a Nat Server and external network interface is constantly changing, the need to configure Dialer interface to ensure continuous NAT.

Can the interface on the AR be configured with IPSec when it dynamically obtains an IP address
The interface can be configured with IPSec when it dynamically obtains an IP address. When the local interface is configured with a dynamic IP address and the remote interface is configured with a fixed IP address, you can configure an IPSec policy template on the remote end to implement IPSec. The 3G interface is used as an example. IKE negotiation is used. The key configuration is as follows: Interface with a dynamic IP address # ike peer peer_3g_1 v1 pre-shared-key cipher %^%#JvZxR2g8c;a9~FPN~n'$7`DEV&=G(=Et02P/%\*!%^%# //Set the preshared key to huawei. remote-address 10.5.39.160 //Specify the fixed IP address for the remote end. # ipsec proposal ipsec //Use default security parameters. # ipsec policy ipsec 1 isakmp //Configure an IPSec policy. security acl 3000 ike-peer peer_3g_1 proposal ipsec # interface Cellular0/0/0 ipsec policy ipsec //Apply the IPSec policy to the 3G interface. Other configurations of the 3G interface are not mentioned. # acl 3000 //Configure an ACL. IPSec protects the packets matching the ACL. ... # Interface with a fixed IP address # ipsec proposal ipsec # ike peer peer_3g_2 v1 //The remote interface is configured with a dynamic IP address, so there is no need to specify an IP address for the remote interface. pre-shared-key cipher %^%#K{JG:rWVHPMnf;5\|,GW(Luq'qi8BT4nOj%5W5=)%^%# //Set the pre-shared key to huawei. # ipsec policy-template temp 1 //Configure an IPSec policy template. ike-peer peer_3g_2 proposal ipsec # ipsec policy ipsec 1 isakmp template temp //Bind the IPSec policy to the IPSec policy template. # interface GigabitEthernet 1/0/0 //The interface uses a fixed IP address. ipsec policy ipsec ip address 10.5.39.160 255.255.255.255 #

Do interfaces conflict when the NAT server and outbound NAT are configured on the AR router
Interfaces do not conflict when the NAT server and outbound NAT are configured on the AR router.

Configure NAT on the AR router to allow internal hosts to access internal servers using an external IP address
All models of Huawei AR routers in V200R003C01 and later versions allow internal and external users to access internal servers by configuring static NAT. GE1/0/0 on the router connects to the internal network and its IP address is 192.168.1.1/24. GE2/0/0 on the router connects to the external network and its IP address is 11.11.11.1/8. The internal server has an internal IP address 192.168.1.2/24 and an external IP address 11.11.11.6. The internal host at 192.168.1.3/24 wants to access the internal server. The configuration details on the AR router are as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] interface GigabitEthernet1/0/0 [Huawei-GigabitEthernet1/0/0] ip address 192.168.1.1 24 [Huawei-GigabitEthernet1/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 11.11.11.1 8 [Huawei-GigabitEthernet2/0/0] quit 2. Configure a default router to ensure interconnection between internal users and the external network. [Huawei] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2 3. Configure internal users to access internal servers. The internal host use 11.11.11.6 to access servers. NAT is implemented through GE1/0/0 and one-to-one NAT is configured on the internal network service only when service requests are initiated from the internal network. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0 [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet1/0/0 [Huawei-GigabitEthernet1/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Huawei-GigabitEthernet1/0/0] nat outbound 2000 [Huawei-GigabitEthernet1/0/0] quit 4. Configure external users to access internal servers to ensure that external users use 11.11.11.6 to access internal servers. [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Huawei-GigabitEthernet2/0/0] quit

What is the difference between the Static NAT and NAT Server on AR router?
The difference between NAT Server and NAT Static configuration is: NAT Server to access the Internet from intranet, only do address replace, but NAT Static for network address; active access outside the network will also replace the address and port number.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top